Critical Vulnerability in GitLab Products
17 July 2024
GitLab has released security updates addressing a critical vulnerability (CVE-2024-6385) in its GitLab Community Edition (CE) and Enterprise Edition (EE) products. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.
Successful exploitation of the vulnerability could allow an unprivileged attacker to hijack the identity of a user and gain access to their projects, data, and code repositories.
The vulnerability affects GitLab CE/EE versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2.
Users and administrators of affected products are advised to update to the latest versions immediately.
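To triage a fleet against the affected ranges above, the following added example (not code from GitLab or from this advisory) classifies `host version` inventory lines. The hostnames and versions in the sample are constructed, and the "first fixed" value is simply the upper bound of the matching range stated above.

```python
import re

# Affected ranges from the advisory as (first affected, first fixed) tuples.
AFFECTED = [
    ((15, 8, 0), (16, 11, 6)),
    ((17, 0, 0), (17, 0, 4)),
    ((17, 1, 0), (17, 1, 2)),
]
_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+~].*)?$")

def parse_version(text):
    """Parse '17.1.1', '16.11.5-ee' or 'v15.8' into a (major, minor, patch) tuple."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def fixed_in(text):
    """Return the first fixed release for an affected version, else None."""
    v = parse_version(text)
    for first_affected, first_fixed in AFFECTED:
        if first_affected <= v < first_fixed:
            return ".".join(map(str, first_fixed))
    return None

def triage(inventory):
    """Map host -> status for 'host version' lines; unparseable versions are flagged."""
    report = {}
    for line in inventory.strip().splitlines():
        host, _, version = line.strip().partition(" ")
        try:
            target = fixed_in(version)
            report[host] = f"AFFECTED, first fixed in {target}" if target else "not in affected range"
        except ValueError:
            report[host] = "UNKNOWN version, check manually"
    return report

# Constructed inventory: hostnames and versions are made up for this example.
SAMPLE = """
git-a.example.internal 16.11.5-ee
git-b.example.internal 17.0.4
git-c.example.internal 17.1.1
git-d.example.internal 15.7.9
git-e.example.internal nightly
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be checked by hand rather than assumed safe.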
More information is available here: